Update maven.yml

.github/workflows/maven.yml

@@ -73,35 +73,15 @@ jobs:
       run: |
         pack build ghcr.io/octodemo/spring-petclinic/spring-petclinic:${{ github.sha }} --builder paketobuildpacks/builder:base --env 'BP_JVM_VERSION=8.*' --tag ghcr.io/octodemo/spring-petclinic/spring-petclinic:latest --publish
     
-#    - name: 🛡 Scan container image for vulnerabilities
+    - name: 🛡 Scan container image for vulnerabilities
-#      uses: anchore/scan-action@v2
+      uses: anchore/scan-action@v2
-#      id: scan
+      id: scan
-#      with:
-#        image: "ghcr.io/octodemo/spring-petclinic/spring-petclinic:latest"
-#        acs-report-enable: true
-    
- #   - name: ⬆️ Upload Anchore scan SARIF report
- #     uses: github/codeql-action/upload-sarif@v1
- #     with:
- #       sarif_file: ${{ steps.scan.outputs.sarif }}
-    
-    - name: 🚓  Run Snyk to check Docker image for vulnerabilities
-      # Snyk can be used to break the build when it detects vulnerabilities.
-      # In this case we want to upload the issues to GitHub Code Scanning
-      continue-on-error: true
-      uses: snyk/actions/docker@master
-      id: snyk
-      env:
-        # In order to use the Snyk Action you will need to have a Snyk API token.
-        # More details in https://github.com/snyk/actions#getting-your-snyk-token
-        # or you can signup for free at https://snyk.io/login
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
       with:
-        image: ghcr.io/octodemo/spring-petclinic/spring-petclinic:latest
+        image: "ghcr.io/octodemo/spring-petclinic/spring-petclinic:latest"
-    - name: ls
+        acs-report-enable: true
-      run:
+    
-        ls
+    - name: ⬆️ Upload Anchore scan SARIF report
-    - name: ⬆️ Upload result to GitHub Code Scanning
       uses: github/codeql-action/upload-sarif@v1
       with:
-        sarif_file: results.sarif
+        sarif_file: ${{ steps.scan.outputs.sarif }}
+